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DETAILED ACTION 

1. Claims 1-33 have been examined and are pending. 

2. Claim 34 is cancelled. 

3. No new claims are presented. 

4. Applicant's amendments necessitate a new ground of rejection. 
Accordingly, this Office action is made FINAL. 

Response to Arguments 

5. Applicant's arguments with respect to claims 1 -33 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

6. Claim 32 is rejected under 35 U.S.C. 103(a) as being unpatentable over US 
7,308,703 B2 (Wright et al.), and further in view of US 7,185,364 B2 (Knouse et al.) 
and US 6,836,888 B1 (Basu et al.). 

As to Claim 32, Wright et al. anticipate a method implemented at a server device 
for managing access to a resource over a network, comprising: 

receiving a request for access to the resource from a client device (Wright et al. 
disclose reception of client request - Figure 10A, elements 1014 and 1024); 
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determining a level of security software enabled on the client device (Wright et al. 
disclose determining a client's security software status as active or inactive and basing 
restrictions to client access based on the client's security status - Column 2, lines 17- 
64; In addition, column 2, lines 60-64 disclose that security features of the 
communication session between the mobile device and another computer are 
determined. In other words, to check the session's security features, one or both 
communicating party's security configuration is checked.) 

including what antivirus software is active on the client device (Wright et al. 
disclose policy based on anti-virus software status - Column 18. lines 35-39) 

and whether a hacker tool is enabled on the client device (Wright et al. Column 
20, lines 35-42 disclose that the security software can be a hacker tool VPN); 

applying a dynamic policy to the access based, in part, on the determined level of 
security software enabled (Wright et al. disclose determining a client's security software 
status as active or inactive and basing restrictions to client access based on the client's 
security status - Column 2, lines 17-64; and both of the communicating devices are 
checked for security features because the communication session is analyzed between 
the mobile device and another computer - 2:60-64, 7:11-14, and 7:28-36); and 

applying a restriction to the client device for access by the client device to the 
requested resource, the restriction based on the applied dynamic policy (Wright et al. 
disclose determining a client's security software status as active or inactive and basing 
restrictions to client access based on the client's security status - Column 2, lines 17- 
64; and both of the communicating devices are checked for security features because 
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the communication session is analyzed between the mobile device and another 
computer - 2:60-64, 7:1 1 -14, and 7:28-36). 

Wright et al. disclose that the communication session between two devices is 
examined for security status, and the dynamic policy application, however they are not 
explicit on using the server device to apply communication restrictions. However, 
Knouse et al. disclose 

at the server device (Knouse et al. disclose using the server device to apply a 
policy in response to t user request for resource access based on the requestor's 
configuration and the nature of the resources requested - 8:32-66), 

using the server device (Knouse et al. disclose using the server device to apply a 
policy in response to t user request for resource access based on the requestor's 
configuration and the nature of the resources requested - 8:32-66); and 

in response to the received request (Knouse et al. disclose using the server 
device to apply a policy in response to t user request for resource access based on the 
requestor's configuration and the nature of the resources requested - 8:32-66); and 

and the requested resource (Knouse et al. disclose using the server device to 
apply a policy in response to t user request for resource access based on the 
requestor's configuration and the nature of the resources requested - 8:32-66). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine using the server device to apply communication 
restrictions; and in response to the received request; and the requested resource taught 
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by Knouse et al., with applying the dynamic policy taught by Wright et al., in order to 
customize responses to individual users - (Knouse et al. - 8:32-66). 

The combination of Wright et al. and Knouse et al. does not disclose employing a 
virtual sandbox at the client device to encrypt the resources using an encryption key 
that is stored on a remote server device. However, Basu et al. disclose 

employing a virtual sandbox at the client device to encrypt the resources using 
an encryption key that is stored on a remote server device (Basu et al. disclose the use 
of virtual sandbox at the client device and the sandbox encrypting resources such that 
the key is stored at a remote server - 13:13:22). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine employing a virtual sandbox at the client device to 
encrypt the resources using an encryption key that is stored on a remote server device 
taught by Basu et al., with employing a virtual sandbox taught by the combination of 
Wright et al. and Knouse et al., in order to securely distribute keys over remote 
networks - (Basu et al. - 13:19-22). 

7. Claims 1 , 2, 4-1 1 , 1 3-1 8 and 20-31 are rejected under 35 U.S.C. 1 03(a) as 
being unpatentable over US 7,308,703 B2 (Wright et al.), and further in view of US 
7,430,524 B2 (Shah et al.), and US 7,185,364 B2 (Knouse et al.) and US 6,836,888 
B1 (Basu et al.). 
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As to Claims 1,10, 22, 28 and 31 , Wright et al. disclose an apparatus, method 
implemented at a network device, a network appliance and a computer readable 
storage medium that includes data and instructions, wherein the execution of the 
instructions on a computing device provides, and an apparatus, respectively, for 
managing access to a resource over a network, comprising: 

a receiver that receives a request for access to the resource from a client 
device (Wright et al. disclose reception of client request - Column 1 5, lines 62-63); and 

a policy manager, coupled to the receiver, that is performs actions, 
including (Wright et al. disclose the policy module - Column 1 5, lines 40-42): 

including determining whether client security software other than a virtual 
sandbox is active on the client device (Wright et al. disclose determining a 
client's security software status as active or inactive and basing restrictions to 
client access based on the client's security status - Column 2, lines 17-64); 

the configuration of the client device based on the inspection (Wright et al. 
disclose determining a client's security software status as active or inactive and 
basing restrictions to client access based on the client's security status - Column 
2, lines 17-64); 

applying a dynamic policy for the access based, in part, on the received 
configuration (Wright et al. disclose determining a client's security software status 
as active or inactive and basing restrictions to client access based on the client's 
security status - Column 2, lines 17-64); and 
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applying a restriction to the client device for access by the client device to 
the requested resource, the restriction based on the applied dynamic policy 
(Wright et al. disclose determining a client's security software status as active or 
inactive and basing restrictions to client access based on the client's security 
status - Column 2, lines 17-64); 

and whether a hacker tool is enabled on the client device (CLAIM 31 
Only) (Wright et al. Column 20, lines 35-42 disclose that the security software 
can be a hacker tool VPN). 

Wright et al. disclose that the communication session between two devices is 
examined for security status, and the dynamic policy application, however they are not 
explicit on using the apparatus to apply communication restrictions. However, Knouse et 
al. disclose 

using the apparatus (Knouse et al. disclose using the server device to apply a 
policy in response to t user request for resource access based on the requestor's 
configuration and the nature of the resources requested - 8:32-66); and 

from the client device (Knouse et al. disclose using the server device to apply a 
policy in response to t user request for resource access based on the requestor's 
configuration and the nature of the resources requested - 8:32-66); 

in response to the received request (Knouse et al. disclose using the server 
device to apply a policy in response to t user request for resource access based on the 
requestor's configuration and the nature of the resources requested - 8:32-66); and 
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and the requested resource (Knouse et al. disclose using the server device to 
apply a policy in response to t user request for resource access based on the 
requestor's configuration and the nature of the resources requested - 8:32-66). 

The motivation and obviousness arguments for Knouse et al. are the 
same as in Claim 32. 

The combination of Wright et al. and Knouse et al. does not disclose 
downloading a component onto the client device, wherein the downloaded 
component inspects the client device to detect a configuration of the client device 
and receiving from the downloaded component, but Shah et al. disclose 

downloading a component onto the client device, wherein the downloaded 
component inspects the client device to detect a configuration of the client device 
(Shah et al. - Column 76, lines 9-25 disclose downloading an agent onto a client 
device to inspect the client device to determine the client device's configuration, 
and reporting said configuration back to the server that sent the agent); and 

receiving from the downloaded component (Shah et al. - Column 76, lines 
9-25 disclose downloading an agent onto a client device to inspect the client 
device to determine the client device's configuration, and reporting said 
configuration back to the server that sent the agent). 
It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine sending an agent to determine a client's configuration 
and reporting back to the sender taught by Shah et al. with determining the client 
configuration taught by the combination of Wright et al. and Knouse et al. 
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One of ordinary skill in the art at the time the invention was made would have 
been motivated to determine information regarding a plurality of client devices for 
system modeling (Shah et al. - Column 76, lines 40-51). 

The combination of Wright et al., Knouse et al. and Shah et al. does not disclose 
employing a virtual sandbox at the client device to encrypt the resources using an 
encryption key that is stored on a remote server device. However, Basu et al. disclose 

employing a virtual sandbox at the client device to encrypt the resources using 
an encryption key that is stored on a remote server device (Basu et al. disclose the use 
of virtual sandbox at the client device and the sandbox encrypting resources such that 
the key is stored at a remote server - 13:13:22). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine employing a virtual sandbox at the client device to 
encrypt the resources using an encryption key that is stored on a remote server device 
taught by Basu et al., with employing a virtual sandbox taught by the combination of 
Wright et al., Knouse et al. and Shah et al., in order to securely distribute keys over 
remote networks - (Basu et al. - 13:19-22). 

As to Claim 2, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 , wherein determining the configuration of 
the client device further comprises: 

if the client device is configured to not download the component, then receiving 
the configuration of the client device through a browser residing on the client device 
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(Shah et al. disclose the server capable of determining client's configuration via a plug 
and play interface which those of ordinary skill in the art would know to include plug and 
play browsers, as an alternative to the downloadable component determining the 
configuration and sending it back to the server - Column 76, lines 15-22). 

The motivation and obviousness arguments are the same as in Claim 1 . 

As to Claim 4, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 , wherein determining the configuration of 
the client device further comprises 

determining information associated with the connection between the client device 
and the resource (Wright et al. disclose determining information associated with the 
communication session between the mobile device and another computer - Column 3, 
lines 4-8). 

As to Claim 5, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 , wherein inspecting the client device to 
detect a configuration further comprises 

detecting if security software is installed on the client device and if security 
software is installed, inspecting the security software to detect if the security software is 
active or disabled (Wright et al. disclose determining a client's security software status 
as active or inactive and basing restrictions to client access based on the client's 
security status - Column 2, lines 17-64). 
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As to Claim 6, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 , wherein applying the restriction further 
comprises 

employing a virtual sandbox that is configured based on the applied dynamic 
policy (Wright et al. Column 20, lines 35-42 disclose that the security software can be a 
hacker tool VPN, the VPN being a virtual sandbox). 

As to Claim 7, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 , 

wherein the restriction includes at least one downloadable component (Wright et 
al. disclose determining a client's security software status as active or inactive and 
basing restrictions to client access based on the client's security status - Column 2, 
lines 17-64). 

As to Claim 8, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 , 

wherein the restriction intercepts a communication between the client device and 
the apparatus (Wright et al. discloses the interception of files as a restriction - Column 
7, lines 59-67). 
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As to Claim 9, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 , wherein applying the restriction further 
comprises 

performing at least one of inhibiting a file save, and inhibiting a file print (Wright 
et al. discloses inhibiting a file save by preventing write access to hackers - 20:35-42). 

As to Claim 1 1 , the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, further comprising 

in response to receiving the request for access to the resource, transmitting a 
downloadable component to the client device (Wright et al. disclose determining a 
client's security software status as active or inactive and basing restrictions to client 
access based on the client's security status - Column 2, lines 17-64). 

As to Claim 13, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein receiving the configuration further 
comprises: 

receiving information indicating at least one of one level of trust associated with 
the client device, a type of encryption enabled on the client device, a type of antivirus 
enabled on the client device, a security feature enabled on the client device, a browser 
type, an operating system configuration, a security certificate, and if a hacker tool is 
enabled on the client device (Wright et al. disclose determining a client's security 
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software status as active or inactive and basing restrictions to client access based on 
the client's security status - Column 2, lines 17-64; Wright et al. Column 20, lines 35-42 
disclose that the security software can be a hacker tool VPN). 

As to Claim 14, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein receiving the configuration further 
comprises: 

receiving information indicating a level of trust of the client device (Wright et al 
disclose the trust level determination - Column 18, lines 19-23). 

As to Claim 1 5, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein receiving the configuration further 
comprises: 

receiving information indicating a characteristic of an enabled security application 
enabled (Wright et al disclose the trust level determination - Column 18, lines 19-23). 

As to Claim 16, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein applying the restriction further 
comprises 

downloading a component to the client device (Wright et al. disclose determining 
a client's security software status as active or inactive and basing restrictions to client 
access based on the client's security status - Column 2, lines 17-64). 
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As to Claim 1 7, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein applying the restriction further 
comprises 

configuring a virtual sandbox to intercept a communication between the client 
device and the resource (Wright et al. discloses the interception of files as a restriction - 
Column 7, lines 59-67; Wright et al. Column 20, lines 35-42 disclose that the security 
software can be a hacker tool VPN, the VPN being a virtual sandbox). 

As to Claim 1 8, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 17, wherein intercepting the communication 
further comprises 

blocking a download of at least one file to the client device (Wright et al. 
discloses the interception of files as a restriction - Column 7, lines 59-67). 

As to Claim 20, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein applying the dynamic policy 
further comprises 

determining at least one of a connector, and an adaptor to enable the access to 
the resource (Wright et al. disclose the determination of network adapter - Column 7, 
lines 26-37). 
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As to Claim 21 , the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein applying the dynamic policy 
further comprises 

restricting the access to the resource (Wright et al. discloses the interception of 
files as a restriction - Column 7, lines 59-67). 

As to Claim 23, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the network appliance of claim 22, wherein the processor is 
configured to perform further actions, comprising: 

in response to receiving the request for access to the resource, receiving 
additional information about the configuration of the client device through a query with a 
browser residing on the client device (Shah et al. - Column 76, lines 1 5-22 disclose the 
server capable of determining client's configuration via a plug and play interface which 
those of ordinary skill in the art would know to include plug and play browsers, as an 
alternative to the downloadable component determining the configuration and sending it 
back to the server). 

The motivation and obviousness arguments are the same as in Claim 1 . 

As to Claim 24, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the network appliance of claim 22, wherein applying the restriction 
further comprises 
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employing a virtual sandbox that is configured based on the applied dynamic 
policy (Wright et al. Column 20, lines 35-42 disclose that the security software can be a 
hacker tool VPN, the VPN being a virtual sandbox). 

As to Claim 25, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the network appliance of claim 23, wherein determining the 
configuration of the client device further comprises: 

if the client device is not configured to receive a downloadable component, 
receiving information about the configuration of the client device through a browser 
application residing within the client device (Shah et al. disclose the server capable of 
determining client's configuration via a plug and play interface which those of ordinary 
skill in the art would know to include plug and play browsers, as an alternative to the 
downloadable component determining the configuration and sending it back to the 
server - Column 76, lines 1 5-22). 

The motivation and obviousness arguments are the same as in Claim 1 . 

As to Claim 26, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the network appliance of claim 22, wherein applying the dynamic 
policy further comprises: 

if the client device is configured to restricting a download of a component, 
restricting access to the resource (Wright et al. disclose determining a client's security 
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software status as active or inactive and basing restrictions to client access based on 
the client's security status - Column 2, lines 17-64). 

As to Claim 27, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the network appliance of claim 22, wherein applying the restriction 
further comprises: 

if the client device is configured to restrict a download of a component, 
intercepting a communication between the client device and the requested resource to 
perform at least one of preventing an access to file, and restricting an action (Wright et 
al. discloses the interception of files as a restriction - Column 7, lines 59-67). 

As to Claim 29, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the computer readable storage medium of claim 28, wherein 
applying the restriction further comprises 

configuring a Virtual sandbox to intercept a communication between the client 
device and the resource (Wright et al. discloses the interception of files as a restriction - 
Column 7, lines 59-67; Wright et al. Column 20, lines 35-42 disclose that the security 
software can be a hacker tool VPN, the VPN being a virtual sandbox). 

As to Claim 30, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the computer readable storage medium of claim 28, wherein 
applying the restriction further comprises 
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blocking a download of at least one file to the client device (Wright et al. 
discloses the interception of files as a restriction - Column 7, lines 59-67). 

8. Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over the 
combination of Wright et al., Knouse et al., Shah et al. and Basu et al. as applied 
to claim 10 above, and further in view of US 7,200,272 B2 (Ishikawa). 

As to Claim 1 9, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10. 

The combination of Wright et al., Knouse et al., Shah et al. and Basu et al. does 
not disclose if the access to the resource is terminated, performing cleanup on the client 
device including at least one of deleting a cached file, deleting a temporary file, and 
enabling a disabled system command, but Ishikawa discloses, wherein applying the 
restriction further comprises: 

if the access to the resource is terminated, performing cleanup on the client 
device including at least one of deleting a cached file, deleting a temporary file, and 
enabling a disabled system command (Ishikawa - Column 5, lines 2-12 disclose the 
client's cache manager deleting the user's cache as part of a cleanup). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine performing cleanup on the client device including at 
least one of deleting a cached file, deleting a temporary file, and enabling a disabled 
system command taught by Ishikawa, with applying a restriction to the access for the 
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requested resource based on the applied dynamic policy taught by the combination of 
Wright et al., Knouse et al., Shah et al. and Basu et al. 

One of ordinary skill in the art at the time the invention was made would have 
been motivated to avoid system resources from sitting at their maximum limit, thus 
freeing up resources for other applications to use (Ishikawa - Column 5, lines 8-12). 

9. Claims 3 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over the combination of Wright et al., Knouse et al., Shah et al. and Basu et al., 
and further in view of US 2002/0111852 A1 (Levine). 

As to Claim 3, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the apparatus of claim 1 . 

The combination of Wright et al., Knouse et al., Shah et al. and Basu et al. does 
not disclose wherein the received configuration indicates whether the client device is 
operating as a kiosk, but Levine discloses 

wherein the received configuration indicates whether the client device is 
operating as a kiosk (Levine - Page 2, f [0022] discloses determining the type of client 
device and whether it's a cell phone, kiosk, PDA, laptop, desk computer, terminal or any 
other access device). 

The motivation and obviousness arguments are similar to that of Claim 33. 
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As to Claim 1 2, the combination of Wright et al., Knouse et al., Shah et al. and 
Basu et al. discloses the method of claim 10, wherein receiving the configuration further 
comprises. 

The combination of Wright et al., Knouse et al., Shah et al. and Basu et al. does 
not disclose receiving information indicating whether the client device is a laptop, 
personal computer, kiosk, or a mobile device, but Levine discloses 

receiving information indicating whether the client device is a laptop, personal 
computer, kiosk, or a mobile device (Levine - Page 2, f [0022] discloses determining 
the type of client device and whether it's a cell phone, kiosk, PDA, laptop, desk 
computer, terminal or any other access device). 

The motivation and obviousness arguments are similar to that of Claim 33. 

10. Claim 33 is rejected under 35 U.S.C. 103(a) as being unpatentable over US 
7,308,703 B2 (Wright et al.), and further in view of US 2002/0111852 A1 (Levine), 
and US 7,185,364 B2 (Knouse et al.) and US 6,836,888 B1 (Basu et al.). 

As to Claim 33, Wright et al. disclose a method implemented at a network 
appliance for managing access to a resource over a network, comprising: 

receiving a request for access to the resource from a client device (Wright et al. 
disclose reception of client request - Column 15, lines 62-63); 
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determining whether client computing security software is active on the client 
device or whether a hacker tool is enabled on the client device (Wright et al. disclose 
determining a client's security software status as active or inactive and basing 
restrictions to client access based on the client's security status - Column 2, lines 17- 
64; Wright et al. Column 20, lines 35-42 disclose that the security software can be a 
hacker tool VPN); and 

applying a restriction to the client device for access by the client device to the 
requested resource, the restriction based on the determined configuration of the client 
device (Wright et al. disclose determining a client's security software status as active or 
inactive and basing restrictions to client access based on the client's security status - 
Column 2, lines 17-64, Figure 10A, elements 1024-1034). 

Wright et al. disclose that the communication session between two devices is 
examined for security status, and the dynamic policy application, however they are not 
explicit on using the server device to apply communication restrictions. However, 
Knouse et al. disclose 

using the network appliance (Knouse et al. disclose using the server device to 
apply a policy in response to t user request for resource access based on the 
requestor's configuration and the nature of the resources requested - 8:32-66); and 

in response to the received request (Knouse et al. disclose using the server 
device to apply a policy in response to t user request for resource access based on the 
requestor's configuration and the nature of the resources requested - 8:32-66); and 
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and the requested resource (Knouse et al. disclose using the server device to 
apply a policy in response to t user request for resource access based on the 
requestor's configuration and the nature of the resources requested - 8:32-66). 

The motivation and obviousness arguments for Knouse et al. are the same as in 
Claim 32. 

The combination of Wright et al. and Knouse et al. does not explicitly disclose 
determining if the client device is configured as a kiosk or a mobile device, but Levine 
discloses 

determining if the client device is configured as a kiosk or a mobile device 
(Levine - Page 2, f [0022] discloses determining the type of client device and whether 
it's a cell phone, kiosk, PDA, laptop, desk computer, terminal or any other access 
device). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine determining if the client device is configured as a kiosk 
or a mobile device taught by Levine, with determining client configuration taught by the 
combination of Wright et al. and Knouse et al., in order to personalize content delivery 
(Levine - Page 2, f[0015]). 

The combination of Wright et al., Levine and Knouse et al. does not disclose 
employing a virtual sandbox at the client device to encrypt the resources using an 
encryption key that is stored on a remote server device. However, Basu et al. disclose 

employing a virtual sandbox at the client device to encrypt the resources using 
an encryption key that is stored on a remote server device (Basu et al. disclose the use 
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of virtual sandbox at the client device and the sandbox encrypting resources such that 
the key is stored at a remote server - 13:13:22). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine employing a virtual sandbox at the client device to 
encrypt the resources using an encryption key that is stored on a remote server device 
taught by Basu et al., with employing a virtual sandbox taught by the combination of 
Wright et al., Levine and Knouse et al., in order to securely distribute keys over remote 
networks - (Basu et al. - 13:19-22). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to RICHARD G. KEEHN whose telephone number is 
(571)270-5007. The examiner can normally be reached on Monday through Friday, 
9am - 6pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on 571-272-3880. The fax phone number for 
the organization where this application or proceeding is assigned is 571 -273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

RGK 

/Salad Abdullahi/ 

Primary Examiner, Art Unit 2456 



